Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35bb0da5-0a2d-4b80-aafe-af7e74cf5869.roa
File: 35bb0da5-0a2d-4b80-aafe-af7e74cf5869.roa (raw, json)
Hash identifier: wb/+HjDtggJVrlQ4bkMw8o5WwabXeZgvgOR1jrOtZlE=
Subject key identifier: E0:25:9D:54:B4:03:8C:66:C9:4A:62:32:D8:D7:3D:D2:E5:CC:BB:5A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 14BAA876A0011AECA55980F58139DF9FA4F03274
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35bb0da5-0a2d-4b80-aafe-af7e74cf5869.roa
Signing time: Fri 26 Sep 2025 20:00:10 +0000
ROA not before: Fri 26 Sep 2025 20:00:10 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d019::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:ba:a8:76:a0:01:1a:ec:a5:59:80:f5:81:39:df:9f:a4:f0:32:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 20:00:10 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=65182f784b0e29b2ac7959ca5705b4d215f97b6914c7504c97f0a68a624ff2fb, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:98:8a:ff:57:01:06:b8:7a:34:29:48:49:65:
45:e4:3d:88:c3:ca:83:6e:0c:5b:8d:f0:f3:85:38:
4f:18:c7:c7:5a:d2:76:5f:3b:bc:64:b3:7a:03:6f:
20:c5:d6:bd:d5:cd:6b:54:9a:42:3d:b7:3d:9b:5c:
d4:39:9f:26:53:c7:a8:93:61:fe:ed:43:de:59:e2:
2a:a5:5f:51:a2:8e:5c:af:06:ed:54:09:66:7c:28:
68:78:1e:2a:86:c7:23:b5:80:76:a2:d8:57:d5:75:
7f:74:dc:43:63:d9:94:48:ff:f4:85:e4:b8:f0:61:
3a:43:73:9e:9d:9a:91:eb:e9:b7:33:05:96:49:32:
4c:72:e3:d5:a0:72:92:fe:a2:ee:3c:00:c7:d0:ed:
c7:42:4e:76:8c:db:30:2e:38:1c:ae:3e:2b:b4:5e:
46:e3:50:6b:95:f3:28:30:36:78:8e:8a:c3:68:78:
f2:04:83:33:3f:ff:86:0b:97:17:d4:fb:d7:b1:3a:
d0:b1:64:26:de:43:70:ac:34:fe:ad:a8:a0:b8:cb:
40:ab:70:aa:66:91:d5:a4:fc:38:93:7a:4d:10:7d:
f0:42:4d:f4:78:83:ca:d8:e3:8d:d9:5e:25:43:09:
e8:71:47:11:f8:5f:23:0a:17:af:c1:91:f6:d0:aa:
77:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:25:9D:54:B4:03:8C:66:C9:4A:62:32:D8:D7:3D:D2:E5:CC:BB:5A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35bb0da5-0a2d-4b80-aafe-af7e74cf5869.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d019::/38
Signature Algorithm: sha256WithRSAEncryption
23:27:74:f8:15:54:ec:7f:fe:9d:09:4f:48:a1:5c:8e:57:26:
57:ec:75:96:1a:17:15:85:b4:fa:7e:83:4c:47:af:a7:b3:64:
b6:74:0d:9c:18:4e:cb:8a:9c:ec:45:b6:7f:f6:b3:28:72:33:
8a:20:43:6c:00:a6:16:e8:b0:07:fd:69:a5:4b:8d:cd:9e:4c:
c9:37:43:85:20:e5:c6:5f:ab:54:39:df:d6:75:e8:c9:76:04:
8e:55:89:d6:1a:6b:80:0c:d4:83:06:78:3b:b8:cd:66:26:ce:
60:35:fd:6e:88:ed:70:3d:cf:91:4f:6c:7a:ff:70:61:b0:c6:
04:6f:5a:e6:63:ed:8b:17:fa:01:14:ec:e2:26:ac:0b:51:75:
8f:e0:8c:95:25:a9:64:d5:a9:1f:8e:d1:2d:6e:25:1f:96:a3:
52:1f:9c:32:20:74:5f:f3:ce:18:81:5d:f1:69:38:2d:c1:d4:
3d:d8:85:ce:dd:30:a1:fc:5a:ac:06:8e:01:37:df:81:95:a1:
30:03:10:92:71:4c:c2:a4:ea:21:6d:8f:63:42:e3:30:d4:3e:
04:3f:e4:c8:1e:fe:6c:7b:31:16:44:c0:ca:fb:fc:3d:2c:60:
ec:63:cf:89:5d:74:43:45:8e:15:ab:39:0c:43:b6:24:4b:47:
b2:9f:41:c6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFLqodqABGuylWYD1gTnfn6TwMnQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDAwMTBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDY1MTgyZjc4NGIwZTI5YjJhYzc5NTljYTU3MDViNGQyMTVmOTdiNjkxNGM3
NTA0Yzk3ZjBhNjhhNjI0ZmYyZmIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ+Yiv9XAQa4ejQpSEllReQ9iMPKg24MW43w84U4TxjHx1rSdl87vGSzegNv
IMXWvdXNa1SaQj23PZtc1DmfJlPHqJNh/u1D3lniKqVfUaKOXK8G7VQJZnwoaHge
KobHI7WAdqLYV9V1f3TcQ2PZlEj/9IXkuPBhOkNznp2akevptzMFlkkyTHLj1aBy
kv6i7jwAx9Dtx0JOdozbMC44HK4+K7ReRuNQa5XzKDA2eI6Kw2h48gSDMz//hguX
F9T717E60LFkJt5DcKw0/q2ooLjLQKtwqmaR1aT8OJN6TRB98EJN9HiDytjjjdle
JUMJ6HFHEfhfIwoXr8GR9tCqdz8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTgJZ1U
tAOMZslKYjLY1z3S5cy7WjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzViYjBkYTUtMGEyZC00YjgwLWFhZmUtYWY3ZTc0Y2Y1ODY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BkA
MA0GCSqGSIb3DQEBCwUAA4IBAQAjJ3T4FVTsf/6dCU9IoVyOVyZX7HWWGhcVhbT6
foNMR6+ns2S2dA2cGE7LipzsRbZ/9rMocjOKIENsAKYW6LAH/WmlS43NnkzJN0OF
IOXGX6tUOd/WdejJdgSOVYnWGmuADNSDBng7uM1mJs5gNf1uiO1wPc+RT2x6/3Bh
sMYEb1rmY+2LF/oBFOziJqwLUXWP4IyVJalk1akfjtEtbiUflqNSH5wyIHRf884Y
gV3xaTgtwdQ92IXO3TCh/FqsBo4BN9+BlaEwAxCScUzCpOohbY9jQuMw1D4EP+TI
Hv5sezEWRMDK+/w9LGDsY8+JXXRDRY4VqzkMQ7YkS0eyn0HG
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:13 2025 by rpki-client